Author Topic: Can a hacker read the Avast excluded folders list? (Read 1032 times)

nlenoden · « **on:** September 17, 2022, 07:55:59 PM »

Windows Defender has a method to exclude folders, which it will then not
interfere with. But it turns out that WD keeps its list of excluded
folders right out in the open, so hackers can easily read it! This
security vulnerability has been known about for at least 8 years, but
Microsoft does not seem interested enough to even encrypt the excluded
folder list.

Avast also has an exclusion method. Is this also a security
vulnerability?

bob3160 · « **Reply #1 on:** September 17, 2022, 11:04:06 PM »

Quote from: nlenoden on September 17, 2022, 07:55:59 PM

Windows Defender has a method to exclude folders, which it will then not
interfere with. But it turns out that WD keeps its list of excluded
folders right out in the open, so hackers can easily read it! This
security vulnerability has been known about for at least 8 years, but
Microsoft does not seem interested enough to even encrypt the excluded
folder list.

Avast also has an exclusion method. Is this also a security
vulnerability?

Exclusion is telling Avast not to scan what's excluded. I don't know what you are trying to find out?

waking · « **Reply #2 on:** September 18, 2022, 04:39:20 AM »

Quote from: bob3160 on September 17, 2022, 11:04:06 PM

Exclusion is telling Avast not to scan what's excluded. I don't know what you are trying to find out?

Not speaking for the OP, but generally there are two (at
least) concerns that can arise with respect to excluded
folders.

(1) If a hacker or malware can identify which folders will
NOT be scanned by the security product in use then it is an
ideal place to copy malware.

(2) If a hacker or malware can not only read but also write
to the security product's exclusion list, then it can add
its own paths and filenames to that list.

Encryption of the exclusion list can prevent (1), as can
self-defense which prevents any and all accesses to the
product's data files including read access.

Self-defense mechanisms can also prevent (2).

Ideally all security products should implement such
protection schemes. I gather that the OP would like
to know if Avast prevents (1).

bob3160 · « **Reply #3 on:** September 18, 2022, 02:49:37 PM »

Avast has a very strong self-defense mechanism in place.
It's on by default but the user can turn it off.

James Boyd · « **Reply #4 on:** September 19, 2022, 08:39:02 AM »

You can encrypt folders in Windows, but I would say you should send an email to Avast Support (in addition to any advice you get here on this forum) and ask them "If I encrypt exclusion folders in Avast will it cause Avast to not function properly?"

That is what I would do...

igor · « **Reply #5 on:** September 19, 2022, 09:23:08 AM »

Quote from: waking on September 18, 2022, 04:39:20 AM

Ideally all security products should implement such protection schemes.

I'd say ideally (and that's not just some far ideal that's never reached, it should be the common case for most users) the user shouldn't have any exclusions. Exclusions are bad, period.

As for malware reading the exclusion list - you're right, but that requires that malware is already running on the machine... i.e. it's kinda too late anyway.

Author Topic: Can a hacker read the Avast excluded folders list? (Read 1032 times)

nlenoden

Can a hacker read the Avast excluded folders list?

bob3160

Re: Can a hacker read the Avast excluded folders list?

waking

Re: Can a hacker read the Avast excluded folders list?

bob3160

Re: Can a hacker read the Avast excluded folders list?

James Boyd

Re: Can a hacker read the Avast excluded folders list?

igor

Re: Can a hacker read the Avast excluded folders list?